CVE-2022-36782

Pal Electronics Systems - Pal Gate Authorization Errors

Description

Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management android client app. Gates of bulidings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analasys using Frida. The attacker can iterate over all the IOT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a user's DB with full names and phone number of over 2.8 million users, and to see all of the users' movement in and out of gates, even in real time.

Remediation

Solution:

Update to the latest version

5.9

CVSS

Severity: Medium

CVSS 3.1 •

EPSS 0.05%

Third-Party Advisory gov.il

Affected: Pal Electronics Systems Pal Gate

References

Link	Tags
https://www.gov.il/en/Departments/faq/cve_advisories	vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2022-36782?: CVE-2022-36782 has been scored as a medium severity vulnerability.
How to fix CVE-2022-36782?: To fix CVE-2022-36782: Update to the latest version
Is CVE-2022-36782 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-36782 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-36782?: CVE-2022-36782 affects Pal Electronics Systems Pal Gate.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.